BrowserStack is back online after temporarily suspending service due to an attack.

The company stated it had been hacked after someone sent an email to customers claiming the company was shutting down and had failed to follow-through on promises related to security. Founded in 2011, BrowserStack is a cross-browser testing tool used to test websites and servers.

A copy of the email was posted to Pastebin.

“Not only do all of our administrators have access, but so does the general public,” the hacker claims in the email. “We have no firewalls in place, and our password policies are atrocious. All virtual machines launched are open to the public, accessible to anyone with the alpha password “nakula” on port 5901, a password which is stored in plaintext on every VM. As well, our infrastructure uses the same root passwords on all machines, which is also stored in plaintext on every VM launched (“c0stac0ff33″).”

“Given the propensity for cyber criminals to target infrastructure services such as ours, it is almost certain all of your data has been compromised,” the email states. “These passwords take no less than 15 minutes to find for anyone who is looking. We hope we have not caused you too much trouble, and to our enterprise customers who signed deals contracts based on a fabrication, we are equally sorry.”

It is not known whether any of the hacker’s claims in the email are true. According to BrowserStack, the hacker’s access was limited solely to a list of email addresses.

“All BrowserStack services are now up and running,” the company tweeted shortly after noon PST. “We are keeping a strong check and will email all users the entire analysis.”

The company said it will post a post-mortem of the attack.

BrowserStack serves some 25,000 customers and more than 520,000 registered developers across the world.

Tags:

• NEWS & INDUSTRY
• Cybercrime

Google announced on Friday it has acquired UK startup spider.io for its technology used in the fight against online advertising fraud.

According to Google, the spider.io team has spent the past 3 years building a “world-class ad fraud fighting operation” that the search giant plans to integrate into its products. 

“By including spider.io’s fraud-fighting expertise in our products, we can scale our efforts to weed out bad actors and improve the entire digital ecosystem,” Neal Mohan, VP, Display Advertising at Google’s DoubleClick unit, wrote in a blog post announcing the acquisition.

“Our immediate priority is to include their fraud detection technology in our video and display ads products, where they will complement our existing efforts,” Mohan continued. “Over the long term, our goal is to improve the metrics that advertisers and publishers use to determine the value of digital media and give all parties a clearer, cleaner picture of what campaigns and media are truly delivering strong results. Also, by including spider.io’s fraud fighting expertise in our products, we can scale our efforts to weed out bad actors and improve the entire digital ecosystem.”

Terms of the acquistion were not disclosed.

Earlier this month, Google acquired security startup SlickLogin, an Israeli company working on innovative authentication solutions that leverage mobile and audio technology.

Related: Flashback Trojan Targets Big Profits Through Google Ads Fraud Scheme

Related: ‘One-Click’ Scammers Changing Tactics: Symantec

Tags:

• NEWS & INDUSTRY
• Fraud & Identity Theft

US, Britain ‘Spying on Virtual World’: Report

WASHINGTON – US and British intelligence have been spying on the global online gaming world because they fear terrorists could use the hugely popular platform to plot attacks, a report said Monday.

Spies have created characters in the fantasy worlds of Second Life and World of Warcraft to carry out surveillance, recruit informers and collect data, The New York Times said, citing newly disclosed classified documents from fugitive US intelligence leaker Edward Snowden.

The report came as eight leading US-based technology companies called on Washington to overhaul its surveillance laws following months of revelations of online eavesdropping from the former National Security Agency (NSA) contractor.

“Fearing that terrorist or criminal networks could use the games to communicate secretly, move money or plot attacks, the documents show, intelligence operatives have entered terrain populated by digital avatars that include elves, gnomes and supermodels,” the Times said.

“The spies have created make-believe characters to snoop and to try to recruit informers, while also collecting data and contents of communications between players,” the report said.

It added: “Because militants often rely on features common to video games — fake identities, voice and text chats, a way to conduct financial transactions — American and British intelligence agencies worried that they might be operating there, according to the papers.”

The report cited a 2008 NSA paper that warned that the virtual games — played by millions of people the world over — allowed intelligence suspects “a way to hide in plain sight.”

The documents do not give any examples of success from the initiative, the report said, adding that experts and former intelligence officials said “that they knew of little evidence that terrorist groups viewed the games as havens to communicate and plot operations.”

The surveillance, which also included Microsoft’s Xbox Live, could raise privacy concerns, noted the newspaper.

Apple, Facebook, Google, Microsoft, Twitter, Yahoo, AOL and LinkedIn meanwhile wrote an open letter to President Barack Obama and the US Congress calling on Washington to lead the way in a worldwide reform of state-sponsored spying.

“We understand that governments have a duty to protect their citizens. But this summer’s revelations highlighted the urgent need to reform government surveillance practices worldwide,” the letter said.

Tags:

• NEWS & INDUSTRY
• Privacy
• Tracking & Law Enforcement